adding card keys and make them non exportable

Heiko Folkerts heiko at hfolkerts.de
Tue Sep 29 21:51:56 CEST 2015


Hi all,
I am new to this list and have a question I couldn't find answered either in
the docs or in the FAQ.

I just started using a smart card with GPG, namely the Nitrokey
(www.nitrokey.com). It behaves like a smart card, so this should correspond to
any GPG card as well.

I already had a key pair with some signatures so I decided to add a card sub
key to my main key as explained in the manual. I did this by
gpg --edit-key b5f8d556 (my main key ID)
addcardkey

I created all three kinds of keys and they show up in the main key.

I now can export the secret sub keys with 
gpg --export-secret-subkeys
or one by one, specifying the single key IDs. AFAIK the trick to smart cards
is that the keys are not exportable from them. So while exporting the keys
to a backup was helpful to me I'd like to know how to keep them only on the
card and make them no longer exportable. AFAIK the exports contain a valid
looking key block.

keytocard
Resulted in the message that the keys are already on the card (which is OK)
but still they can be exported.

So how to proceed?

Thanks in advance

Heiko


Join in and share your knowledge at www.besonderetipps.de

Please protect my privacy and yours and use PGP.
pub   2048R/B5F8D556 2014-08-06
  Schl.-Fingerabdruck = 758D DA37 1DA1 1E2F 7CDD  60A2 F3F4 1E8D B5F8 D556
uid       [ uneing.] Heiko Folkerts <heiko.folkerts at bfg-it.de>
uid       [ uneing.] Heiko Folkerts <heiko at hfolkerts.de>
uid       [ uneing.] Heiko Folkerts <heiko_folkerts at web.de>
sub   4096g/BC0D1006 2015-08-27 [verfällt: 2016-08-26]






More information about the Gnupg-users mailing list